Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Robust external container registry #945

Merged
merged 1 commit into from
Dec 8, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions qhub/deploy.py
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,8 @@ def guided_install(
f'"{config["domain"]}" [Press Enter when Complete]'
)

# Now Keycloak Helm chart
targets = ["module.kubernetes-keycloak-helm"]
# Now Keycloak Helm chart (External Docker Registry before that if we need one)
targets = ["module.external-container-reg", "module.kubernetes-keycloak-helm"]
logger.info(f"Running Terraform Stage: {targets}")
terraform.apply(
directory="infrastructure",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,20 @@ module "kubernetes-ingress" {

### Keycloak


module "external-container-reg" {
source = "./modules/extcr"

count = {{ cookiecutter.external_container_reg.enabled | default(false,true) | jsonify }} ? 1 : 0

namespace = var.environment
access_key_id = "{{ cookiecutter.external_container_reg.access_key_id | default("",true) }}"
secret_access_key = "{{ cookiecutter.external_container_reg.secret_access_key | default("",true) }}"
extcr_account = "{{ cookiecutter.external_container_reg.extcr_account | default("",true) }}"
extcr_region = "{{ cookiecutter.external_container_reg.extcr_region | default("",true) }}"
}


resource "random_password" "keycloak-qhub-bot-password" {
length = 32
special = false
Expand Down Expand Up @@ -204,7 +218,8 @@ module "kubernetes-keycloak-helm" {


depends_on = [
module.kubernetes-ingress
module.kubernetes-ingress,
module.external-container-reg
]
}

Expand Down Expand Up @@ -294,14 +309,6 @@ module "qhub" {

dask_gateway_extra_config = file("dask_gateway_config.py.j2")

extcr_config = {
enabled : {{ cookiecutter.external_container_reg.enabled | default(false,true) | jsonify }}
access_key_id : "{{ cookiecutter.external_container_reg.access_key_id | default("",true) }}"
secret_access_key : "{{ cookiecutter.external_container_reg.secret_access_key | default("",true) }}"
extcr_account : "{{ cookiecutter.external_container_reg.extcr_account | default("",true) }}"
extcr_region : "{{ cookiecutter.external_container_reg.extcr_region | default("",true) }}"
}

forwardauth-callback-url-path = local.forwardauth-callback-url-path

OAUTH_CLIENT_ID = local.jupyterhub-keycloak-client-id
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ ingress:
# we will need to define our own IngressRoute elsewhere.
enabled: false

imagePullSecrets:
- name: "extcrcreds"

extraEnv: |
- name: PROXY_ADDRESS_FORWARDING
value: "true"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ scheduling:
enabled: false
replicas: 1

imagePullSecrets:
- extcrcreds

singleuser:
defaultUrl: "/lab"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -394,15 +394,3 @@ resource "kubernetes_manifest" "forwardauth" {
}
}
}

module "external-container-reg" {
source = "../../extcr"

count = var.extcr_config.enabled ? 1 : 0

namespace = var.namespace
access_key_id = var.extcr_config.access_key_id
secret_access_key = var.extcr_config.secret_access_key
extcr_account = var.extcr_config.extcr_account
extcr_region = var.extcr_config.extcr_region
}
Original file line number Diff line number Diff line change
Expand Up @@ -100,11 +100,6 @@ variable "certificate-secret-name" {
default = ""
}

variable "extcr_config" {
description = "Customer's access details for external container reg"
type = map(any)
}

variable "forwardauth-callback-url-path" {
description = "Callback URL Path for ForwardAuth"
type = string
Expand Down